Security has become a widespread concern for computer users. Viruses, worms, Trojan horses, identity theft, software and media content piracy, and extortion using threats of data destruction are rampant. An operating system can provide numerous security features to guard against such attacks. However, the security features of an operating system are ineffective if they are disabled. Any attempt to disable such security features will likely be made during the boot of the operating system. After boot, an operating system may have numerous features in place for protecting itself and the data and processes which it manages. During boot, however, those features may not yet be initialized and are vulnerable to bypass and/or tampering.
To this end, a secure boot process for a computer with a TPM has been developed by MICROSOFT®, as can be understood with reference to a U.S. patent application entitled “Systems and Methods for Securely Booting a Computer With a Trusted Processing Module,” U.S. patent application Ser. No. 11/031,161, filed Jan. 7, 2005. Also related to this application are a U.S. patent application entitled “Systems and Methods for Controlling Access to Data on a Computer with a Secure Boot Process,” U.S. patent application Ser. No. 11/036,415, filed Jan. 14, 2005, and issued on Jul. 21, 2009, with U.S. Pat. No. 7,565,553, a U.S. patent application entitled “Systems and Methods for Boot Recovery in a Secure Boot Process on a Computer with a Hardware Security Module,” U.S. patent application Ser. No. 11/035,715, filed Jan. 14, 2005, and issued on Mar. 17, 2009, with U.S. Pat. No. 7,506,380, and a U.S. patent application entitled “System and Method for Protected Operating System Boot Using State Validation,” U.S. patent application Ser. No. 10/882,134, filed Jun. 30, 2004.
Systems and methods for secure boot processes on computers with TPMs will likely need to rely on technology for maintaining and updating the boot process. Such updates, while they may occur rarely, may require techniques to effectively integrate maintenance with TPM security. Perhaps because TPM-secured boot processes remain largely unexplored, maintenance of such systems is also unexplored. Thus, there is an unmet need in the industry to address the maintenance and update of TPM-secured boot processes.